[ 
https://issues.apache.org/jira/browse/HDDS-1119?focusedWorklogId=211315&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-211315
 ]

ASF GitHub Bot logged work on HDDS-1119:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 11/Mar/19 21:32
            Start Date: 11/Mar/19 21:32
    Worklog Time Spent: 10m 
      Work Description: xiaoyuyao commented on pull request #574: HDDS-1119. DN 
get OM certificate from SCM CA for block token validation.
URL: https://github.com/apache/hadoop/pull/574#discussion_r264439727
 
 

 ##########
 File path: 
hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
 ##########
 @@ -65,24 +79,63 @@
  */
 public abstract class DefaultCertificateClient implements CertificateClient {
 
+  private static final String CERT_FILE_NAME_FORMAT = "%s.crt";
   private final Logger logger;
   private final SecurityConfig securityConfig;
   private final KeyCodec keyCodec;
   private PrivateKey privateKey;
   private PublicKey publicKey;
   private X509Certificate x509Certificate;
+  private Map<String, X509Certificate> certificateMap;
 
 
   DefaultCertificateClient(SecurityConfig securityConfig, Logger log) {
     Objects.requireNonNull(securityConfig);
     this.securityConfig = securityConfig;
     keyCodec = new KeyCodec(securityConfig);
     this.logger = log;
+    this.certificateMap = new ConcurrentHashMap<>();
+
+    loadAllCertificates();
+  }
+
+  /**
+   * Load all certificates from configured location.
+   * */
+  private void loadAllCertificates() {
+    // See if certs directory exists in file system.
+    Path certPath = securityConfig.getCertificateLocation();
+    if (Files.exists(certPath) && Files.isDirectory(certPath)) {
+      getLogger().info("Loading certificate from location:{}.",
+          certPath);
+      File[] certFiles = certPath.toFile().listFiles();
+
+      if (certFiles != null) {
+        for (File file : certFiles) {
+          if (file.isFile()) {
+            CertificateCodec certificateCodec =
+                new CertificateCodec(securityConfig);
+            try {
+              X509CertificateHolder x509CertificateHolder = certificateCodec
+                  .readCertificate(certPath, file.getName());
+              X509Certificate cert =
+                  CertificateCodec.getX509Certificate(x509CertificateHolder);
+              certificateMap.putIfAbsent(cert.getSerialNumber().toString(),
+                  cert);
+              getLogger().info("Added certificate from file:{}.",
+                  file.getAbsolutePath());
+            } catch (java.security.cert.CertificateException | IOException e) {
+              getLogger().error("Error reading certificate.", e);
 
 Review comment:
   Can you add a file path to the log?
 


Issue Time Tracking
-------------------

    Worklog Id:     (was: 211315)
    Time Spent: 3.5h  (was: 3h 20m)

> DN get OM certificate from SCM CA for block token validation
> ------------------------------------------------------------
>
>                 Key: HDDS-1119
>                 URL: https://issues.apache.org/jira/browse/HDDS-1119
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>            Reporter: Xiaoyu Yao
>            Assignee: Ajay Kumar
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 3.5h
>  Remaining Estimate: 0h
>
> This is needed when the DN receives a block token signed by OM and it does not 
> have the certificate that OM.


